> Hmm; I think that would work, assuming that we can be sure that the
> chdir() is safe.  And no, unlink doesn't change its pathname to a
> fully-qualified one, as far as I can tell.
> 

Chdirs should never be down more than one level.  It ought to be possible 
to compare the inodes of parent after the chdir to ensure nothing unsafe 
happened.

If this does work, then the idea could probably be extended to a "safe" 
-exec which ran the exec'ed program in the chdir'ed directory containing 
the named file -- this would then lead to a safe(er) way of doing the 
chmod and other ideas.

R.